Cisco 1720 User Manual Page 10

Copyright © 1998 Cisco Systems, Inc. All Rights Reserved.
Figure 4 illustrates VPN applications for two small- and
medium-sized businesses (SMB A and SMB B). SMB A has a
main office and a branch office, connected via a secure VPN
tunnel. SMB B is a strategic customer or supplier with a
secure extranet connection to SMB A. The VPN applications
here include:
• Intranet VPN (branch-to-branch connectivity)—Instead of
a long-distance private leased line between SMB A’s main
office and the branch office, each office subscribes to a local
Internet access line and an encrypted IPSec tunnel carries
the traffic over the Internet for long distance. IPSec DES or
Triple DES provides data confidentiality, authenticity, and
integrity while Cisco IOS Firewall, integrated into the
Cisco 1720 router, prevents unauthorized access or attack
to each office’s LAN. Traffic is prioritized using QoS
features such as policy routing or committed access rate to
ensure that mission-critical applications get the highest
network bandwidth. Cisco ConfigMaker simplifies VPN
configuration for a small/medium network with a
Graphical User Interface (GUI)-based tool that configures
basic router parameters as well as Cisco IOS Firewall and
IPSec encryption policies. IPSec configuration is simplified
to a few simple steps by using standard defaults established
by Cisco ConfigMaker such as tunnel mode,
ESP-HMAC-MD5 (a popular IPSec transform), and
preshared key for IKE policy—secure VPN tunnels can be
quickly established by specifying the choice of encryption
algorithm (DES or Triple DES), preshared key password,
and IP addresses of destination routers. (IPSec
configuration support will be available in Cisco
ConfigMaker in Q1 CY ’99.)
• Access VPN (mobile-user remote access)—SMB A’s mobile
users or teleworkers/telecommuters can dial into a local
Internet POP and tunnel the long-distance traffic back to
the company LAN via the Internet or a service provider’s
shared backbone. This scenario leads to cost savings by
avoiding long-distance dial charges. Access VPN tunnels
can be implemented as client-initiated or network access
server (NAS)-initiated. For client-initiated tunneling, a
standard IPSec or L2TP client on the mobile user’s PC
initiates a tunnel between the PC and the Cisco 1720
router. The router serves as a home gateway (also called
VPN tunnel server or L2TP network server) to terminate
the tunnel. For NAS-initiated tunneling, when a user dials
into a NAS at a local POP, the service provider
authenticates the user to the company and initiates an
L2TP tunnel from the NAS to the Cisco 1720 home
gateway. The user is then authenticated based on a security
server; the tunnel is terminated; and the user is authorized
to access resources on the LAN based on policies
established for him or her.
• Extranet VPN (business partner connectivity)—SMBs A
and B reduce business process cycle time (for example, for
billing, order fulfillment, or joint design projects) and
strengthen their business relationship as strategic
customers, suppliers, or partners who can access certain
resources on each other’s network. The technology for
establishing extranet VPNs is similar to that for
establishing intranet VPNs. A Cisco IOS Firewall
integrated in each site’s Cisco 1720 router is configured
with custom firewall policy to allow access to resources on
a per-application and per-interface basis.
• Integrated LAN/WAN stackable solution—At each of the
sites, the Cisco 1720 router combines with Cisco 1500
series 10/100 Fast Ethernet hubs and switches, providing a
complete, integrated LAN/WAN solution from a single
vendor. Cisco ConfigMaker provides a common network
configuration tool with step-by-step guidance through